Linux Blog

If you’re a little paranoid like me, you often wonder what will happen if your laptop gets stolen. I’ve seen news articles and the like where a thief happened to steal a laptop and got caught because they stole the wrong person’s laptop.

Today we have a one-liner that will phone home when a user logs in. While this won’t work if you have a password on your laptop, which is recommended, if you keep a dummy account called “User” or “Guest” with no password and the thief happens to log in, you could be in luck.

The simple SSH command opens up remote port 2222 and forwards it to local port 22, which of course requires SSH to be running locally. It also uses the SSH identity file for a no password SSH login, and the -N is for no shell. Set it up as an application that starts on login, and if that account is set to auto connect to WiFi, it will connect as the user logs in. If you wanted to take it a step further you could combine it with autossh to keep retrying the connection. It will also help if you have a static IP or DNS set up so that it will be able to connect if your device unfortunately goes missing.
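The tunnel described above, together with a server-side restriction for the passwordless key, since that key sits unencrypted on a laptop that is expected to be stolen. This is an added example, not code from the original post; the identity path, `tracker@home.example.org` and the key material are constructed placeholders.

```shell
#!/bin/sh
# Added example: hosts, paths and key material are constructed placeholders.

# Client side: the reverse tunnel the post describes (remote 2222 -> local 22).
# BatchMode stops ssh from prompting; ExitOnForwardFailure makes ssh exit when
# port 2222 cannot be bound, so a wrapper such as autossh can retry.
phone_home_cmd() {  # usage: phone_home_cmd IDENTITY_FILE USER@HOST
  printf 'ssh -N -i %s -o BatchMode=yes -o ExitOnForwardFailure=yes -R localhost:2222:localhost:22 %s\n' "$1" "$2"
}

# Server side: turn a bare public key line into an authorized_keys entry.
# "restrict" switches off pty, agent and X11 forwarding; "port-forwarding"
# re-enables forwarding and "permitlisten" limits -R to the one listen port.
# The forced command means a shell request with this key gets /bin/false.
# Note: port-forwarding re-enables -L as well; permitopen= can narrow that.
restrict_key() {  # usage: restrict_key "ssh-ed25519 AAAA... comment"
  case "$1" in
    ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *)
      printf 'restrict,port-forwarding,permitlisten="localhost:2222",command="/bin/false" %s\n' "$1" ;;
    *)
      echo "not a bare public key line" >&2
      return 1 ;;
  esac
}

# Audit: succeed only if an authorized_keys line carries the restrictions above.
is_restricted() {  # usage: is_restricted "LINE FROM authorized_keys"
  case "$1" in
    restrict,*permitlisten=\"localhost:2222\"*) return 0 ;;
    *) return 1 ;;
  esac
}
```

Append the output of `restrict_key` to `~/.ssh/authorized_keys` on the home server, and run `is_restricted` over existing lines to find phone-home keys that were installed without options.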

I’m not really a huge consumer of hardware, but today I got a Mac, more specifically a MacBook Air. It is my first brand new computer since I built my desktop, which I probably never wrote about. I didn’t pay for it, as it was a promotional item from training I signed up for. I had a choice of a Toshiba Ultrabook that never really closes, or the MacBook Air. After I thought about it, the choice was not too hard: I chose the one that would have the higher re-sale value, the better of the two OS’s, and probably better Linux support.

So far I’m impressed. It is a very elegant design; the internal hardware is meh, but it does have an SSD, which is the first I’ve owned. It would be nice to try and hook up an external monitor, but I’m not sinking any money into it, because I don’t really want to pay the standard $79 Apple accessory fee, and am not sure if the Thunderbolt port even converts to HDMI, and I’m sure as hell not going to buy a Thunderbolt display. There are only two USB ports, which is rather pathetic; even my Netbook manages to squeeze 3, a VGA port and a media card reader in. As far as OSX goes, I’m not so happy with it. It has a few nuances that will take some getting used to, such as the command key, which changes the way I use the keyboard (command+t, command+w, etc.). There is probably a fix for that and I’ve already changed some settings to make it more familiar.

My DNS-323 NAS had to have some changes to the Samba config using funplug, as it doesn’t connect with SECURITY=SHARE; it has to be SECURITY=USER, not sure why that is. I’m happy to report that my SDR experiments were just as hard with OSX as they were with Linux; I blame that on not really knowing much about radio theory. Other than that, installing XCode, Macports and writing this post, I haven’t really had much time to play with it. I’ll stick out using OSX until the training is over, then I’ll look at another OS. Until then, it’ll be VMs and SSH connections into the desktop PC, which while aging still has more horsepower than the Air.

Description-en: Automatically restart SSH sessions and tunnels
autossh is a program to start an instance of ssh and monitor it, restarting it
as necessary should it die or stop passing traffic. The idea is from rstunnel
(Reliable SSH Tunnel), but implemented in C. Connection monitoring is done
using a loop of port forwardings. It backs off on the rate of connection
attempts when experiencing rapid failures such as connection refused.

It is available on most distributions, and even jailbroken iPhones. It’s a great utility.

If you want to use it, here’s how to:

Install it:

:~$ sudo apt-get install autossh

Run it:

:~$ autossh [host]

That’s pretty much all there is to running it, although if you want to check out all of its features you should read the help file and man pages. If you want you can resume your SSH sessions without using a password, by using the no password SSH login technique.

I SSH a lot. In the past I’ve pretty much always typed passwords to log on, but when trying to SSH in using my phone, with a good password it’s a pain to say the least. I had SSH keys set up with password-less login before but usually ended up losing the thumb drive the key was on or updating my system and forgetting to update the key. We won’t discuss the security or best practice here, that’s for another post.

Anyhow I assume you’re reading this post because you want to set up a no password SSH logon by using keys for whatever reason, this post outlines how to do it. (You can also use a pass phrase if you feel so inclined.)

Happy new year! I guess it’s time for a yearly update, I feel like everyone else has done it and now it’s my turn. Hit the jump for some more statistics that are probably only interesting to yours truly.

Top 10 Posts

Interestingly enough, none of these were written this year. Perhaps I should write a query to extract the most popular ones of this year, I’m not sure they’re getting the same search love as my older stuff.

SSH is an amazing tool, I often find myself finding new and interesting ways (at least to me) to use it. It is a great tool to have in your toolbox.

This may be hard to explain in words, but here goes.

Picture this: you have 3 hosts. Host A has outbound access only and is on the same network as Host B. Host B has port 22 open, accepts SSH and is allowed to SSH to Host A. Host C is the computer you are sitting at and is on a different network. So, you need to connect to Host A from Host C. The way to do this is with SSH port forwarding.

Let’s say Host A is 192.168.1.2, Host B is 192.168.1.1 and Host C is 10.0.0.1 on the different network. Host C also has port 22 open.

So, in order to connect to Host A from Host C you can do the following with local port forwarding:

One of the things that was on my whiteboard for some time was to set up a VPN for home use. Sure, I can do some remote SSH port forwarding, use ssh as a proxy or perhaps even use some Linux Tunneling Techniques, but they’re not quite the same as a full blown VPN. You can use the VPN for access to remote services, to secure communications on untrusted networks or use it for mobile devices. Whatever your use, it’s easy to set a VPN up with pptpd that can be used with your mobile and remote devices. (Read on …)

Ever tunneled or used tunneling for mobile Internet? Perhaps you have needed to otherwise tunnel to bypass a restrictive firewall or for a secure channel on an insecure wireless network. It seems that everyone knows how to tunnel using the ssh socks support and how to use Firefox’s about:config screen to set it to use a socks and remote DNS. While this is great for occasional web browsing it only takes you so far.

tsocks is a great application to let you tunnel other programs over socks. It’s easy to install on most distributions and allows you to use many command line applications. I’ve used it on a number of occasions successfully and while it does its job it’s not the best solution. This is because it was last updated in 2002 and doesn’t perform DNS lookups. I found myself using it to SSH to an IP address (memorized, or looked up through another SSH session) and using applications on the remote server.

proxychains is a bit of a better tunneling solution. It works similarly to tsocks but it also resolves DNS and can chain multiple proxies. I’ve used it on numerous occasions with great success. ssh, lynx, lftp, irssi and a whole bunch of others work without any problems. Another plus is it has also been updated in the last 5 years (but not by much).

One application I haven’t yet had the pleasure of trying on the desktop is 3proxy. I have used it on the iPhone but ended up using the ssh socks method more often. From its yum description and feature list, it sounds very promising and one definitely worth looking into.

Speaking from experience, I know it’s kind of difficult to browse your distribution’s web repositories to find the files you need and install them (I had to do this since I didn’t have them), so I recommend you download these applications and save yourself some time before you need them on the road.

I have in the past been lazy enough to not wait for a host to come back, yet need to do something when it comes back. Let’s say starting up that service I never got around to creating startup scripts for, or uploading new firmware. Well, I found this little trick on NSLU2-linux.org.

sudo arping -f [host] && echo "True"

Obviously the echo “True” can be replaced with whatever you wish. A sleep may be good if you want some extra time before performing the action. Pair this with an SSH identity / key pair and you can perform the actions on the host remotely.

So, the last script for handling the screen didn’t quite work out as I had liked so I have stopped using it. Basically if you try to SCP something, it would flip out because there was no terminal. Also, if you were trying to do anything in X after logging in with SSH you would have to detach your screen session first, which could get annoying. I’ve come up with this snippet; it’s rather ugly but is intended to be run after you log in if you want to start a screen session. I’d like a solution that logs me in with this sort of dialog selection but also allows X and scp transfers to work if a selection is not made. Perhaps it could be done on a timer. Anyhow, here is the script:

rsync is a great tool used to copy or “sync” files locally or remotely. Having just lost a fair amount of important personal data, it’s good to make the point that you can lose data if you use rsync, so make sure that you know what you are doing works before putting it into production.
“What’s so great about rsync?”
I hear you ask.

Well, there are many ways of copying data around, regular old cp, scp and rcp but what sets rsync apart is that it’s capable of syncing those files that have changed, or those that are missing. In other words, why do a full copy of all files, risking further corruption when only some have changed?
rsync also handles compression and verifies that the files were written correctly.
The syntax for rsync is fairly straightforward, those of you familiar with the rcp or scp should be easily able to relate to that of rsync.

The syntax for a local file copy is:

rsync [OPTION...] SRC... [DEST]

-avz is the option that I use most commonly.

-a for archive, -v for verbose and -z for compression. As lame as it may sound, I actually remember the syntax for this as “Alien Vs. Zeus.” Sounds stupid, but it actually works.

Since I do not normally sync directories locally, one of my hosts is usually remote. rsync is configured to use SSH by default, but rsh can be used if preferred. I stick with the default SSH for simplicity. The syntax is very similar to scp’s.

If you would like to back up all files matching a pattern, the same syntax applies but you specify a pattern. For example, you could back up all .conf files from /etc (provided you have read access) to another host by doing the following:

rsync /etc/*.conf [USER@]HOST:DEST

If you do the above, I am assuming that you would also want to back up other configuration files within the /etc/ directory. If you have read the man page, instinct tells you to just use -r; however, you may want to just do a full backup, as rsync with a pattern by default does not traverse into directories.

Compression is really a nice feature for transferring large amounts of data. To demonstrate the speed increase that the -z option gives, I copied my full /etc/ directory, which is 48M. It took 0m12.671s with compression and 0m35.657s without. This was over wireless from a dual core 2GHz laptop to a 1.8GHz wired desktop, so your results may vary. Either way, compression or no compression, rsync is a handy utility that should be able to make your life of copying files around a little easier.